PKCE is a security extension to OAuth 2.0 for public clients on mobile devices, designed to prevent malicious applications from intercepting the authorization code.
PKCE-X requires Node.js v12+ to run.
Install the dependencies and start the server.
npm install pkce-x
For production environments...
npm install pkce-x --production
NODE_ENV=production
Open your favorite Terminal and run these commands.
First invoke the auth service from the package:
import AuthService from "pkce-x";
const service = new AuthService({
  client_id: 'XYZ',
  // Optional. Use this if you want to send basic credentials with a base64 header.
  // Code shipped to a browser is readable by its users, so a value placed here is not confidential.
  client_secret: 'XYZ',
  redirect_uri: 'http://localhost:3000/pkce-demo',
  authorization_endpoint: 'https://example.com/oauth2/authorize',
  token_endpoint: 'https://example.com/oauth2/token',
  requested_scopes: '*',
  storage: localStorage, // Optional. By default it is set to session storage.
  organization: "PKCE-X" // Optional.
});
Authorize the application:
service.authorize();
Exchange the metadata between the authentication server and the browser:
service.exchange();
Get the access token:
service.getToken();
Get the expires-in time:
service.getExpiresIn();
Get the scopes:
service.getScope();
MIT